Some quick basic information
Router: Flint 2
Firmware: 4.6.4
I'm using dhcp (with reservation for the server in question)
The router is the main router and is directly connected to the modem from Comcast
This is a fairly niche issue, but basically I have a server on my network that I want to be reachable through the WireGuard server, and I was able to set that up fairly easily. I recently set up HTTPS for some services that I want available outside my network, and local HTTPS for some other services as well.
My network is accessible through the domain I use, since I set it up to use DDNS (through Cloudflare scripts), and the router port forwards correctly to the server on the network. But under the WireGuard tunnel it seems to not port forward correctly, since the URLs that previously went to the server correctly all go to the router instead.
I did some further testing and found that I can actually get this to work by port forwarding port 443 from the WireGuard zone (although this also forwards every request to the server, so all URLs will result in incorrect certs, since it is attempting to get them from the server in my network).
Is there a way to get the router's port forwards working under the WireGuard tunnel? I am able to connect to the server no problem through its IP and the "allow local access" setting from the tunnel. Just trying to access it through the domain causes the port forward to fail for some reason.
Sorry for the late reply and thank you for the response. I ran the commands in the thread and it seems to still route requests to the router instead of the port-forwarded server. Are there some additional rules that need to be set up for the WireGuard server, or is there a way to route the domain to the local IP address through route rules to get this working? Thanks again for your help.
Public domain, sorry, I should have made that clear. When I say I'm using local HTTPS, I'm really just using regular HTTPS with a public domain and with access restricted to my local network on certain subdomains (this restricted access isn't the problem yet, since the request never reaches the server in the first place). I'm using a reverse proxy (specifically SWAG) to facilitate this.
Doing some more research, it seems to be the base WireGuard configuration setup. I found some issues (mostly from pfSense and OPNsense) that touch upon some possible ways to fix it; however, I haven't found a clear solution that can be applied to the router. Here is what I found so far.
Could be related, but seems to be about something else:
I'm going to try a couple of basic changes to see if I can get it to work, and I'll update if I find anything else or fix the issue.
With the internal IP address being the machine you are forwarding to (like a regular port forward).
Then in the advanced settings you set the "external IP address" to the interface that has your public IP (99.99% of the time it's probably an eth interface, I believe):
This seems to work as I expect, but I suspect that it will block access to the router if you forward the same port that the web UI is using for HTTP/S access. For my setup this seems to work perfectly, and as such I'll mark it as solved. If someone finds a better solution, feel free to chime in.
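As an added example (not code from the thread, the router vendor, or OpenWrt itself), the small Python model below shows why the behaviour described above happens. An OpenWrt `redirect` (DNAT) rule only matches traffic that entered on its source zone, so the existing port forward with `src 'wan'` never fires for packets arriving through the WireGuard interface; those requests are then answered by the router itself. A forward from the WireGuard zone with no destination-address restriction catches everything on port 443, including requests meant for the router, while adding `src_dip` (what the web UI calls the "external IP address") narrows it to the public address that the DDNS name resolves to. The zone name `wgserver`, the public address `203.0.113.5` and the LAN addresses are constructed assumptions, and the config fragment is constructed rather than taken from any real router.

```python
# Added example: a toy model of how OpenWrt firewall 'redirect' (DNAT) rules
# are matched. Zone name 'wgserver', 203.0.113.5 and the 192.168.8.x
# addresses are constructed assumptions, not values from the thread.
import re
from ipaddress import ip_address

# Constructed /etc/config/firewall fragment (not copied from a real router):
# the original WAN forward, an over-broad WireGuard-zone forward (disabled),
# and the narrowed forward that also matches on the router's public address.
FIREWALL_CONFIG = """
config redirect
    option name 'https-from-wan'
    option src 'wan'
    option src_dport '443'
    option dest 'lan'
    option dest_ip '192.168.8.10'
    option dest_port '443'
    option target 'DNAT'

config redirect
    option name 'https-from-wg-broad'
    option src 'wgserver'
    option src_dport '443'
    option dest 'lan'
    option dest_ip '192.168.8.10'
    option dest_port '443'
    option target 'DNAT'
    option enabled '0'

config redirect
    option name 'https-from-wg-narrow'
    option src 'wgserver'
    option src_dip '203.0.113.5'
    option src_dport '443'
    option dest 'lan'
    option dest_ip '192.168.8.10'
    option dest_port '443'
    option target 'DNAT'
"""

OPTION_RE = re.compile(r"option\s+(\S+)\s+'([^']*)'")


def parse_redirects(text):
    """Parse the 'config redirect' sections of a UCI firewall file into dicts."""
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config redirect"):
            current = {}
            rules.append(current)
        elif current is not None and line.startswith("option "):
            match = OPTION_RE.match(line)
            if match:
                current[match.group(1)] = match.group(2)
    return rules


def first_dnat_match(rules, ingress_zone, dst_ip, dst_port, enable=()):
    """Return (rule name, new dst ip, new dst port) for the first DNAT rule
    matching a packet, or None when no rule applies and the packet stays
    addressed to the router itself. 'enable' names rules to treat as enabled
    even though the config marks them 'enabled 0'."""
    for rule in rules:
        if rule.get("target", "DNAT") != "DNAT":
            continue
        if rule.get("enabled", "1") == "0" and rule.get("name") not in enable:
            continue
        # A redirect only matches traffic that entered on its source zone.
        if rule.get("src") != ingress_zone:
            continue
        # src_dip limits the match to one of the router's own addresses.
        if "src_dip" in rule and ip_address(rule["src_dip"]) != ip_address(dst_ip):
            continue
        if "src_dport" in rule and int(rule["src_dport"]) != dst_port:
            continue
        return rule["name"], rule["dest_ip"], int(rule.get("dest_port", dst_port))
    return None


RULES = parse_redirects(FIREWALL_CONFIG)
PUBLIC_IP = "203.0.113.5"      # constructed WAN address the DDNS name resolves to
ROUTER_LAN_IP = "192.168.8.1"  # constructed router address that serves the web UI


def scenarios(rules, enable=()):
    """Evaluate the three situations discussed in the thread."""
    return {
        "from_internet": first_dnat_match(rules, "wan", PUBLIC_IP, 443, enable),
        "from_wg_to_domain": first_dnat_match(rules, "wgserver", PUBLIC_IP, 443, enable),
        "from_wg_to_router_ui": first_dnat_match(rules, "wgserver", ROUTER_LAN_IP, 443, enable),
    }


if __name__ == "__main__":
    wan_only = [r for r in RULES if r.get("src") == "wan"]
    print("original config:", scenarios(wan_only))
    print("broad wg forward:", scenarios(RULES, enable=("https-from-wg-broad",)))
    print("narrow wg forward:", scenarios(RULES))
```

Running it prints three states: with only the WAN rule, a tunnel client resolving the domain to the public address gets no DNAT and lands on the router; with the broad WireGuard-zone rule, both the domain and the router's own LAN address on port 443 are sent to the server (the "wrong certificate everywhere" symptom); with the narrowed rule, only the public address is forwarded and the router's web UI on its LAN address is left alone, which is the caveat raised in the last post.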